With Vulnerability Management, Enterprises Seek to Get Proactive

It seems every few weeks there’s another major vulnerability. In early December 2021, we had Log4j, the vulnerability in the nearly ubiquitous open source logging library Apache Log4j. And at the end of March, a flaw known as Spring4Shell was sprung on Java developers and assigned a grim Common Vulnerability Scoring System (CVSS) rating of 9.8.

A recent report from crowdsourced bug-finding platform provider Bugcrowd found a whopping 185% increase in software vulnerabilities within financial services companies in the year prior to the report. The Bugcrowd report also found cross-site scripting was the most commonly identified type of attack aimed at these flaws.

As more software and software-based services come to market, and organizations continue to digitally transform themselves, the number of vulnerabilities is only going to increase. A survey-based report from security vendor Netwrix this week found that 70% of organizations have a vulnerability assessment tool or vulnerability management services provider helping them to mitigate flaws within their environments.

The respondents aren’t interested in simply checking the box for regulatory compliance mandates. Seventy percent of respondents said they need to be proactive with their security measures, and 76% of those respondents who don’t have a vulnerability assessment tool plan to purchase one soon.

The global security and vulnerability management market size is projected to grow from nearly $14 billion in 2021 to nearly $19 billion by 2026, a growth rate of just over 6%.

Only 10% of respondents implemented their vulnerability assessment tool because of an audit finding, or an upcoming audit. Interestingly, 8% of those surveyed indicated that they don’t need a vulnerability management tool.

While budget is critical for 58% of respondents, 52% said they would consider changing to a new solution if it would reduce the volume of false positive alerts through improved accuracy. Other survey answers revealed some of the challenges associated with these tools, such as the desire for simplified licensing (31%), increased scalability (30%) and increased breadth of coverage (38%).

Analysts commonly cite rising numbers of software vulnerabilities, the costs of being breached due to attacks such as ransomware and an increasing attack surface from cloud and IoT devices.

The survey is based on responses from 720 IT professionals globally.